diff --git a/cmd/katalyst-agent/app/options/metaserver/metaserver.go b/cmd/katalyst-agent/app/options/metaserver/metaserver.go
index 44c1a8123..c35d27abf 100644
--- a/cmd/katalyst-agent/app/options/metaserver/metaserver.go
+++ b/cmd/katalyst-agent/app/options/metaserver/metaserver.go
@@ -73,6 +73,7 @@ type MetaServerOptions struct {
 	ConfigCheckpointGraceTime      time.Duration
 
 	// configurations for spd
+	ServiceProfileEnableNamespaces    []string
 	ServiceProfileSkipCorruptionError bool
 	ServiceProfileCacheTTL            time.Duration
 	SPDGetFromRemote                  bool
@@ -104,6 +105,7 @@ func NewMetaServerOptions() *MetaServerOptions {
 		ConfigSkipFailedInitialization: defaultConfigSkipFailedInitialization,
 		ConfigCheckpointGraceTime:      defaultConfigCheckpointGraceTime,
 
+		ServiceProfileEnableNamespaces:    []string{"*"},
 		ServiceProfileSkipCorruptionError: defaultServiceProfileSkipCorruptionError,
 		ServiceProfileCacheTTL:            defaultServiceProfileCacheTTL,
 		SPDGetFromRemote:                  defaultSPDGetFromRemote,
@@ -132,6 +134,8 @@ func (o *MetaServerOptions) AddFlags(fss *cliflag.NamedFlagSets) {
 	fs.BoolVar(&o.EnableCNCFetcher, "enable-cnc-fetcher", o.EnableCNCFetcher,
 		"Whether to enable cnc fetcher")
 
+	fs.StringSliceVar(&o.ServiceProfileEnableNamespaces, "service-profile-enable-namespaces", o.ServiceProfileEnableNamespaces,
+		"Comma-separated list of namespaces where service profiles are enabled, default is all namespaces")
 	fs.DurationVar(&o.ConfigCacheTTL, "config-cache-ttl", o.ConfigCacheTTL,
 		"The ttl of katalyst custom config loader cache remote config")
 	fs.BoolVar(&o.ConfigDisableDynamic, "config-disable-dynamic", o.ConfigDisableDynamic,
@@ -176,6 +180,7 @@ func (o *MetaServerOptions) ApplyTo(c *metaserver.MetaServerConfiguration) error
 	c.ConfigSkipFailedInitialization = o.ConfigSkipFailedInitialization
 	c.ConfigCheckpointGraceTime = o.ConfigCheckpointGraceTime
 
+	c.ServiceProfileEnableNamespaces = o.ServiceProfileEnableNamespaces
 	c.ServiceProfileSkipCorruptionError = o.ServiceProfileSkipCorruptionError
 	c.ServiceProfileCacheTTL = o.ServiceProfileCacheTTL
 	c.SPDGetFromRemote = o.SPDGetFromRemote
diff --git a/pkg/config/agent/metaserver/spd.go b/pkg/config/agent/metaserver/spd.go
index fb98af243..1116f9da2 100644
--- a/pkg/config/agent/metaserver/spd.go
+++ b/pkg/config/agent/metaserver/spd.go
@@ -22,6 +22,7 @@ type SPDConfiguration struct {
 	ServiceProfileSkipCorruptionError bool
 	ServiceProfileCacheTTL            time.Duration
 	SPDGetFromRemote                  bool
+	ServiceProfileEnableNamespaces    []string
 }
 
 func NewSPDConfiguration() *SPDConfiguration {
diff --git a/pkg/metaserver/spd/fetcher.go b/pkg/metaserver/spd/fetcher.go
index d0c2e0a35..7d9d7bb44 100644
--- a/pkg/metaserver/spd/fetcher.go
+++ b/pkg/metaserver/spd/fetcher.go
@@ -88,6 +88,8 @@ type spdFetcher struct {
 	checkpointManager checkpointmanager.CheckpointManager
 	getPodSPDNameFunc GetPodSPDNameFunc
 
+	serviceProfileEnableNamespaces []string
+
 	// spdCache is a cache of namespace/name to current target spd
 	spdCache *Cache
 }
@@ -102,12 +104,13 @@ func NewSPDFetcher(clientSet *client.GenericClientSet, emitter metrics.MetricEmi
 	}
 
 	m := &spdFetcher{
-		started:           atomic.NewBool(false),
-		client:            clientSet,
-		emitter:           emitter,
-		checkpointManager: checkpointManager,
-		cncFetcher:        cncFetcher,
-		spdGetFromRemote:  conf.SPDGetFromRemote,
+		started:                        atomic.NewBool(false),
+		client:                         clientSet,
+		emitter:                        emitter,
+		checkpointManager:              checkpointManager,
+		cncFetcher:                     cncFetcher,
+		spdGetFromRemote:               conf.SPDGetFromRemote,
+		serviceProfileEnableNamespaces: conf.ServiceProfileEnableNamespaces,
 	}
 
 	m.getPodSPDNameFunc = util.GetPodSPDName
@@ -127,7 +130,12 @@ func (s *spdFetcher) GetSPD(ctx context.Context, podMeta metav1.ObjectMeta) (*wo
 		return nil, errors.NewNotFound(workloadapis.Resource(workloadapis.ResourceNameServiceProfileDescriptors), fmt.Sprintf("for pod(%v/%v)", podMeta.Namespace, podMeta.Name))
 	}
 
-	return s.getSPDByNamespaceName(ctx, podMeta.GetNamespace(), spdName)
+	spdNamespace := podMeta.GetNamespace()
+	if !general.IsNameEnabled(spdNamespace, nil, s.serviceProfileEnableNamespaces) {
+		return nil, errors.NewNotFound(workloadapis.Resource(workloadapis.ResourceNameServiceProfileDescriptors), fmt.Sprintf("for pod(%v/%v)", podMeta.Namespace, podMeta.Name))
+	}
+
+	return s.getSPDByNamespaceName(ctx, spdNamespace, spdName)
 }
 
 // SetGetPodSPDNameFunc set get spd name function to override default getPodSPDNameFunc before started